Users management

Simon Grange.

One of the most important new features introduced in the version 2.5 of Joomla! is the users management. Indeed, in the version 1.5, the number of user groups and access levels was really limited. Since Joomla 2.5, you can create your own groups and your own access levels, therefore, you can customize all parameters according to your needs.

Joomla!'s permissions and access system is called ACL (Access Control List). This system consists of two distinct parts:

Who can do what?

Who can see what?

The ACL system can seem a little bit complex. That is why we won't spend time theorizing in this chapter, we are going to focus on the practical side with a concrete example instead.

In this chapter, we are going to see how to build a Joomla! site that contains different user groups. These user groups will be able to see only some parts of the content and they'll be able to perform only some actions.

With this aim in view, let's take the example of a high school website which has the following users:

A Principal who can access the whole site (Frontend/Backend) and perform all the tasks he/she wants.

Teachers divided into two groups:

Science Teachers who can connect to the Frontend to access all contents and to the Backend to create the science-related content. In Backend, these teachers can access the science article category (and this one only) and inside, they can create articles, publish them or delete them.

Literature Teachers who can connect to the Frontend to access all contents and to the Backend to create the literature-related content. In Backend, these teachers can access the literature article category (and this one only) and inside, they can create articles, publish them or delete them.

Students, who are divided into two groups:

Science Students who can connect to the Frontend to access the science content and this one only. These students can also submit some science articles that need to be to approved and then published by science teachers.

Literature Students who can connect to the Frontend to access the literature content and this one only. These students can also submit some literature articles that need to be approved and then published by literature teachers.

Visitors who can access the site's home page.

User Groups

First of all, we are going to create the different user groups that are necessary for our site. When installing Joomla!, several groups were created. Some perfectly suit our goals and some don't, so we'll have to create them.

The Principal: The user group to which the Principal will belong already exists, it's the Super Users group. Belonging to this group allows the Principal to access the entire site and to perform any actions.

Teachers: There is no predefined group that suits our needs. We will therefore have to create the groups of Teachers. In anticipation of the creation of a third group of teachers someday (e.g. industrial arts teachers), we will first create a group called Teachers, then, we'll create two child groups: Science Teachers and Literature Teachers.

To do so, select Users → Groups and then hit the New button.

Enter:

Group title: Teachers

Parent group: Registered (so this group inherits permissions from the Registered group and can connect to the Frontend).

Click the Save & Close button.

Click the New button again to create the group of Science Teachers:

Enter:

Group title: Science Teachers

Parent group: Teachers (so that this group inherits permissions from the Teachers group).

Hit the New button once more to create the group of Literature Teachers:

Enter:

Group title: Literature Teachers

Parent group: Teachers (so that this group inherits permissions from the Teachers group).

Students: none of the existing groups meet our needs, so we need to create the students groups. In anticipation of the possible creation of a third group of students someday (e.g. industrial arts students), we will create a Students group, and then its two child groups: Science Students and Literature Students.

To do so, select Users → Groups, then hit the New button.

Enter:

Group title: Students

Parent group: Registered (so that this group inherits permissions from the Registered group and can connect to the Frontend).

Click the Save & Close button.

Now hit the New button again to create the Science Students group:

Enter:

Group title: Science Students

Parent group: Students (so this group inherits permissions from the Students group).

Click the New button once more to create the Literature Students group:

Enter:

Group title: Literature Students

Parent group: Students (so this group inherits permissions from the Students group).

Visitors: The user group to which visitors should belong already exists, it's the Public group.

We have just created all our user groups. If everything went well, when you select Users → Groups, you should see the following screen:

User Groups

Access Levels

Now that we've created our groups, we are going to configure the access levels so that our users can access some contents but not all of them.

The purpose of the access levels is to define "who is going to access what". Let's create two new access levels: Science and Literature.

Select Users → Access Levels and hit the New button.

To create the Science access level:

Access level title: Science

User groups access levels: tick:

The Super Users group, so the Principal can access the content of this level.

The Science Teachers group, so the Teachers belonging to this group can access the content of this level.

The Literature Teachers group, if you want Literature Teachers to also be able to access the science content, without allowing them to edit it though.

The Science Students group, so that the Students of this group can access the science content.

To create the Literature access level:

Access level title: Literature

User groups access levels: tick:

The Super Users group, so the Principal can access the content of this level.

The Literature Teachers group, so the Teachers belonging to this group can access the content of this level.

The Science Teachers group, if you want Science Teachers to be able to view the literature content, without allowing them to edit it though.

The Literature Students group, so that the Students of this group can access the literature content.

Then, select Users → Access Levels and edit the Special Access Level. This level gives access to administration items. In order for teachers to be able to access the article manager, you need to check the Teachers group. Because both the Literature Teachers group and the Science Teachers group belong to the Teachers group, they will access this Special level.

Permissions

Now that we've set the access levels, let's configure the permission settings. In Joomla!, the permissions gather the actions that users are allowed or not allowed to perform.

Global permissions

Let's start with the site's permission settings. Select System → Global Configuration → Permissions. Here, the only group that is of interest for us is the Teachers group. Click the Teachers group tab and set the action Admin Login to Allowed.

Then, click the Save & Close button.

Permissions in the Article Manager

To allow teachers to create articles in their respective categories, Science and Literature, we will first need to create these two categories. To do so, select Content → CategoryManager and click the New button.

New Category

Let's create the Science Category:

1 - Title: Science Category

2- Access: Science

3 - Category permissions:

Science Students Tab:

Create → Allowed

Delete → Inherited

Edit → Inherited

Edit state → Inherited

Edit own → If you want students to be able to edit their articles once they have been approved and published by teachers, select Allowed, otherwise select Inherited.

Science Teachers Tab:

Create → Allowed

Delete → Allowed

Edit → Allowed

Edit state → Allowed

Edit own → Allowed

Hit the Save & New button. We are now going to create the Literature Category:

1- Title: Literature Category

2 - Access: Literature

3 - Category permissions:

Literature Students Tab:

Create → Allowed

Delete → Inherited

Edit → Inherited

Edit state → Inherited

Edit own → If you want students to be able to edit their articles once they have been approved and published by teachers, select Allowed, otherwise select Inherited.

Literature Teachers Tabs:

Create → Allowed

Delete → Allowed

Edit → Allowed

Edit state → Allowed

Edit own → Allowed

Next, hit the Save & Close button.

We've created and configured our categories. All that remains now is to grant teachers access to the category manager. To do so, select Content → Article Manager (or you can also select the Category Manager which has similar settings) then, click the Options button in the toolbar in the upper right corner of the page and click the last tab: "Permissions".

In the Permissions tab, click the Teachers group and set the Configure action to Allowed.

Then, hit the Save & Close button.

In Frontend

Now that all permissions and access levels are correctly configured, let's create some modules and menus to enable our users to access and create content in Frontend.

A connection module

First of all, we must create a connection module. If you haven't created a connection module yet, open the module manager, create a connection module and publish it with its access set to Public.

A main menu

To allow your users to connect to the website, you need to create a main menu that includes at least the site default menu item with a Public access level. In this way, all users will be able to access the site's home page. Visitors will be able to see the public content and the Principal, the Teachers and the Students will be able to login.

A private menu

To allow registered users to access the private section and therefore the private content of the site, we need to create a menu which includes the following menu items:

Science Articles:

Type: Category Blog → Science Category.

Access Level: Science.

Literature Articles:

Type: Category Blog → Literature Category.

Access Level: Literature.

Submit an article:

Type: Create an article.

Access Level: Registered.

Then, create a module to display this private menu and set its access level to Registered.

There you go!

All you have to do now is to create your articles inside the correct categories, to create your users and to assign them to the right groups.

Note: When creating the user accounts of your teachers, don't forget to enable the system email notification so they can receive an email each time a student submits an article.